Connection Of Wazuh agent to forward node in security onion
93 views
Skip to first unread message
Luke Burmeister
May 31, 2023, 4:07:29 PM5/31/23
to Wazuh mailing list
Hello! I am running a security onion w/ a search manager and a forward node and am trying to get a connection of the windows wazuh agent to the forward node. but am getting the message in the ossec logs attached, thank you! Also do you know how to see the logs the wazuh agent sends in security onion console(2.3.190)? Wazuh agent and server are correct version and it was just allowed on the firewall I believe. Attached is the ossec logs. Thanks again!
Nicolas Alejandro Bertoldo
Jun 1, 2023, 9:37:30 AM6/1/23
to Wazuh mailing list
Hi Luke!
To troubleshoot the connection issue between the Windows Wazuh agent and the forward node, we recommend checking the following:
1) Ensure that the Wazuh agent is correctly configured with the IP address of the forward node.
2) Check that the firewall is allowing traffic between the agent and the forward node.
3) Configure Windows agent to collect logs: https://documentation.wazuh.com/3.13/user-manual/capabilities/log-data-collection/index.html#log-data-collection
3) Configure Windows agent to collect logs: https://documentation.wazuh.com/3.13/user-manual/capabilities/log-data-collection/index.html#log-data-collection
4) Verify that the Wazuh manager is receiving data from the agent.
Regarding the logs, you have to enable the <logall> (or <logall_json>) option. See this: https://documentation.wazuh.com/3.13/user-manual/capabilities/log-data-collection/how-it-works.html#alert
Let us know if you have any further questions or concerns.
Regards.
Reply all
Reply to author
Forward
0 new messages